Requirements to diligently manage human and environmental risks
Investors, consumers and – most recently regulators – are increasingly expecting companies to practice due diligence in relation to potential violations of human rights and environmental laws in their supply chains.
Third Parties helps you fulfill your due diligence obligations and manage associated compliance risks – simply and efficiently.
Upload/transfer and manage relevant company/supplier data in the Data Center.
- Central repository for company-specific data, including subsidiaries and (in)direct suppliers.
Prioritize and sort your suppliers based on the country and sector risk ratings.
- See which companies require closer examination or specific measures
- Clear prioritization of further risk management efforts
Request a Supplier evaluation directly via Third Parties.
- Suppliers are invited to join and self-evaluate on the EQS Partner Integrity Hub.
The evaluation results are then shared with customers directly in Third Parties and in the form of a company profile via the Partner Integrity Hub.
Partner Integrity Hub evaluation results are shown directly in Third Parties.
Complementary manual risk assessment for specific high-risk suppliers
- Implementation and documentation of a focused risk analysis in accordance with the LKSG
Assignment of potential legal violations to individual suppliers
- Supplementing the focused risk analysis by documenting the feared violations of the law with the help of the violations register
Organization of measures with integrated task management
- Planning of selected preventive measures for the respective company or group of companies
Basis: register of measures
- Pre-filled register of measures serves as a starting point for the assignment of measures
Grievances can be organized, documented and connected to ongoing risk management efforts.
- Automatic transfer of relevant grievances from the EQS Integrity Line
- Linking incoming grievances with risk groups, companies and measures
Effectiveness of control measures based on the evolution of risk assessments over time.
- Regular and event-related risk analyses are documented and, if necessary, archived
- The traceability of risk development over time makes it possible to monitor the effectiveness of measures
All due diligence efforts can be documented and archived on an ongoing basis
The Partner Integrity Hub
The Partner Integrity Hub is a platform where information on responsible business practices can be collected, evaluated, and shared.
The maturity of a company’s Environmental, Social, and Governance (ESG) practices is assessed via a standardized questionnaire, in line with internationally recognized standards and frameworks. The results of which are then showcased via a shareable profile.
The Partner Integrity Hub’s evaluation covers key ESG themes, including:
- Human & Labour Rights
- Health & Safety at Work
- Environmental Responsibility & Climate Impacts
- Anti-Bribery & Corruption
- Diversity & Equal Opportunity
You have questions? We have answers!
Many European companies have passed regulations to anchor human rights and environmental standards in supply chains. In Germany, the Supply Chain Due Diligence Law (Lieferkettensorgfaltspflichtengesetz) came into force in 2023, the UK Modern Slavery Act has been in place since 2017, and other European countries such as France, Norway and Switzerland have since followed suit with similar regulations. All these laws are to varying degrees based on the United Nation’s Guiding Principles for Business & Human Rights, as first published in 2011.In 2024, the European Corporate Sustainability Due Diligence Directive is expected to be passed, this will further raise requirements from companies.
The German Supply Chain Due Diligence Act (LkSG) applies to companies headquartered in Germany with more than 3,000 employees from January 2023. From 2024, the law will apply to companies with more than 1,000 employees. Foreign companies’ subsidiaries in Germany, who exceed these employee numbers, are also covered by the law. Foreign companies that sell to affected German businesses, along with small German businesses, also feel the impact. This is because the larger German firms under this law are asking their suppliers to follow the same rules.
Third Parties plays a crucial role in the overall non-financial risk management of your company, particularly addressing Supply Chain Due Diligence, requirements . As such, it helps you comply with specific regulations such as the German Supply Chain Due Diligence Law (Lieferkettensorgfaltspflichtengesetz or LkSG), or other nationally relevant supply chain due diligence regulations.
Third Parties is primarily designed to help users comply with common supply chain due diligence requirements, e.g. those of the German Supply Chain Due Diligence Act, of similar supply chain due due diligence laws in other countries, or of the UN’s and OECD’s related requirements. The user can also customize the types of potential legal violations managed in the system, as well as the measures to manage risks of violations. This opens a broad range of further application possibilities in regards to the management of other compliance risks. However, the tool is not intended for the management of commercial risks.
Third Parties can benefit companies across all industries, sectors, and countries. It offers users the flexibility to incorporate industry or sector-specific violations and measures, ensuring wide-ranging applicability. It also contains abstract risk ratings for all major sectors.
Third Parties is a comprehensive non-financial risk management solution, particularly focused on addressing human rights and environmental risks. It is specifically tailored to prioritizes risks based on criteria such as the potential number of affected individuals, the severity of effects, the probability of occurrence, and the potential for remediation.
Third Parties offers several features to assist you in prioritizing your efforts to manage risks effectively:
- a. Abstract Risk Calculation: The system automatically calculates an abstract risk score for suppliers based on country and sector as soon as they are uploaded to the risk manager.
- b. Filtering Capabilities: Third Parties allows you to filter suppliers based on various criteria for e.g., abstract risk, spend, number of employees, country, sector, and user tags. This enables you to focus on suppliers that may pose higher risks or are of greater significance to your organization.
- c. Supplier Evaluation: For additional information on your suppliers, our supplier evaluation feature enables you to efficiently obtain further first-hand information from your suppliers, helping you to assess supplier-specific risks.
Third Parties continuously documents your due diligence efforts, including the risk analysis, its results, and the measures you take in order to manage risks. Based on this, the risk manager can automatically compile most of the answers to the questions which the BAFA (Bundesamt für Wirtschaft und Ausfuhrkontrolle) asks in it’s digital reporting platform.
Yes. Third Parties provides a range of training and support resources to assist users in their risk management efforts. This includes a comprehensive library of violations that encompass the protected positions defined by the LksG and a library of measures to effectively manage and prevent these violations. Furthermore, Third Parties includes a selection of templates such as the Declaration of Principles, training materials, and audit checklists.
Third Parties is currently available for use in German and English. However, new languages will be added soon.
EQS Group supports compliance with the European Data Protection Regulation (GDPR) and other data protection regulations worldwide through various measures at the organizational, technical and functional level.
At the organizational level, through measures taken for information security and data protection in the form of a proper and certified ISMS according to ISO 27001 standards. This is subject to regular internal and independent audits.
Customers have the option to use both private or public clouds, with private clouds being offered in France, Germany and Switzerland.
The estimated timeline for implementing Third Parties, including supplier data upload and integration, typically ranges from 2 to 6 weeks.